[strongSwan-dev] [Strongswan]: Node is replying for ISAKMP message for unconfigured connection

jegathesh malaiyappan mjegakathir at gmail.com
Sat Mar 16 12:13:40 CET 2013


16:11:01.349352 IP 4.1.1.1.isakmp > 4.1.1.10.isakmp: isakmp: phase 2/others
? #37[]
16:11:01.349602 IP 4.1.1.10.isakmp > 4.1.1.1.isakmp: isakmp: phase 2/others
? #37[]

16:11:11.349635 IP 4.1.1.1.isakmp > 4.1.1.10.isakmp: isakmp: phase 2/others
? #37[]
16:11:11.349875 IP 4.1.1.10.isakmp > 4.1.1.1.isakmp: isakmp: phase 2/others
? #37[]


On Sat, Mar 16, 2013 at 4:36 PM, jegathesh malaiyappan <
mjegakathir at gmail.com> wrote:

> Hi,
>
>
>
> *Strongswan : 4.5.3 *
>
>
>
> *NODE A*  ß
> -----------------------------------------------------------------------àNODE
> B
>
> (Initiator &
> Responder)
> (Initiator & Responder)
>
>
>
> NODE A ---à conn403 is configured in NODE A
>
> NODE B  --à conn403 is not configured in NODE B
>
>
>
> NODE A is sending ISAKMP message to NODE B. This is excepted behavior.
>
>
>
> But, NODE B is responding for this un-configured connection message.
>
>
>
> Is this expected behavior in Strongswan? Please clarify me this.
>
>
>
> <snip>
>
> conn conn403
>
>   type=tunnel
>
>   leftsubnet=4.1.1.1/32
>
>   rightsubnet=40.1.1.100/24
>
>   left=4.1.1.1
>
>   right=4.1.1.10
>
>   keyexchange=ikev2
>
>  reauth=no
>
>   ike=aes128-sha1-modp1024,3des-sha1-modp1024!
>
>   ikelifetime=84395s
>
>   esp=aes128-sha1,3des-sha1!
>
>   authby=pubkey
>
>   rightid=%any
>
>   leftid="192.168.255.129"
>
>   keylife=86400s
>
>   dpdaction=restart
>
>   dpddelay=10
>
>   dpdtimeout=120
>
>   rekeyfuzz=50%
>
>   rekeymargin=180s
>
> </snip>
>
>
> Thanks in advance.
>
>
> -Jegathesh
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130316/b512b66d/attachment.html>


More information about the Dev mailing list